AVEVA Process Optimization SQL Injection_CVE-2025-61943

8.4 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Description

The vulnerability, if exploited, could allow an authenticated miscreant
(Process Optimization Standard User) to tamper with queries in Captive
Historian and achieve code execution under SQL Server administrative
privileges, potentially resulting in complete compromise of the SQL
Server.

Basic Information

ID CVE-2025-61943

Source icscert

Published Jan 16, 2026 at 00:09

Affected Product

Vendor AVEVA

Product Process Optimization

Affected Versions AVEVA Process Optimization 0

CWE Classification

CWE-89

References

{
    "lastseen": "",
    "description": "The vulnerability, if exploited, could allow an authenticated miscreant \n(Process Optimization Standard User) to tamper with queries in Captive \nHistorian and achieve code execution under SQL Server administrative \nprivileges, potentially resulting in complete compromise of the SQL \nServer.",
    "published": "2026-01-16T00:09:18.629Z",
    "modified": "2026-01-16T00:09:18.629Z",
    "type": "cve",
    "title": "AVEVA Process Optimization SQL Injection",
    "source": "icscert",
    "references": "https://www.aveva.com/en/support-and-success/cyber-security-updates/\nhttps://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea\nhttps://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json",
    "id": "CVE-2025-61943",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "AVEVA Process Optimization 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.4,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Process Optimization",
    "version": "0",
    "vendor": "AVEVA",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}